Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13444.roa
File:                     AS13444.roa (raw, json)
Hash identifier:          Qb7jnKxAEx/r+wKmMP7A9QVkV2pB9DJceecezx98/pg=
Subject key identifier:   BF:35:AB:80:0D:6D:61:11:72:97:27:BC:D6:79:E3:84:2A:7D:01:9F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1D1AFF3C90D1ED604EFF4452E6D97CCABE5E571C
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13444.roa
Signing time:             Fri 16 May 2025 06:54:08 +0000
ROA not before:           Fri 16 May 2025 06:49:08 +0000
ROA not after:            Fri 15 May 2026 06:54:08 +0000
asID:                     13444
IP address blocks:        191.101.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Jun 2025 23:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:1a:ff:3c:90:d1:ed:60:4e:ff:44:52:e6:d9:7c:ca:be:5e:57:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 16 06:49:08 2025 GMT
            Not After : May 15 06:54:08 2026 GMT
        Subject: CN=BF35AB800D6D6111729727BCD679E3842A7D019F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:bc:4a:95:8c:41:5b:03:23:39:1a:f5:aa:5d:
                    2b:7a:0a:9b:47:a3:28:4e:5a:63:b0:b1:f3:88:e3:
                    5f:40:b2:ae:83:02:cd:dd:8c:90:27:26:5b:c4:8a:
                    b0:77:cf:1b:a7:20:a7:e4:5a:75:98:f5:95:1e:2f:
                    20:2d:7e:6e:1f:0b:70:66:50:8f:78:a8:e0:df:d8:
                    51:43:c0:cb:e6:33:4c:f6:ea:a0:57:02:6b:00:8b:
                    31:e4:5b:92:2c:02:8b:f8:a9:e5:89:1a:9a:d0:d1:
                    86:ad:be:5f:a6:6b:0f:1c:16:59:80:6f:28:23:fc:
                    dc:21:70:93:3b:0f:47:2c:84:03:57:77:30:93:50:
                    0b:6f:d1:c6:f5:d0:57:2c:83:b8:f4:53:ae:16:e8:
                    98:14:be:9a:bf:14:3c:c3:de:02:c4:da:e7:87:f9:
                    49:e5:5e:31:7b:c4:6f:62:e9:a0:d9:1f:3b:76:a2:
                    e1:33:8a:44:b6:55:7b:2c:07:0b:87:f0:86:1d:56:
                    de:d4:8b:43:6d:e7:97:a0:d5:36:30:c0:7e:01:37:
                    e6:38:29:a8:b7:b2:3c:7e:e3:b6:04:5b:b7:91:51:
                    f1:9c:68:dc:a4:d6:90:34:62:d8:39:1d:e0:8a:08:
                    63:94:d5:ba:3b:8b:50:a7:3f:47:df:ab:c0:e8:0b:
                    89:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:35:AB:80:0D:6D:61:11:72:97:27:BC:D6:79:E3:84:2A:7D:01:9F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13444.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:46:1b:bb:20:6a:b5:b3:08:be:a8:c8:4a:02:15:4f:0d:f9:
         40:46:7f:da:0a:e3:45:70:d0:e2:04:26:5f:e9:78:ad:3e:2f:
         73:69:10:fd:36:40:22:a7:90:cb:f6:cb:dc:e8:86:12:bb:6f:
         99:32:97:21:1f:19:14:24:45:cb:26:d0:32:f4:3d:35:41:14:
         e9:52:6c:da:b3:c5:8e:8a:2b:01:9c:70:9e:7c:2a:20:4c:69:
         a4:d7:4f:1a:0f:6e:ba:e0:4c:9f:04:ab:af:24:7b:02:6a:7d:
         5f:ec:b4:42:64:94:77:fc:d2:e7:ac:94:95:88:3c:34:9a:28:
         de:ef:f2:a2:1f:82:df:0c:18:1a:73:00:fb:3d:57:05:fb:97:
         f7:64:b7:0d:de:ef:16:da:79:38:86:75:d4:b7:ad:b8:09:f8:
         ea:64:2d:08:23:a2:5a:9b:9e:eb:69:c7:3f:12:09:e9:fd:42:
         74:08:3d:2d:a0:ef:37:7a:e8:98:b1:c2:e4:66:cb:a1:2a:48:
         f4:df:2d:57:82:f3:b2:fa:a1:57:08:a1:6d:2c:6f:af:21:32:
         a8:a5:82:95:59:35:85:50:e7:15:2c:ec:08:95:1d:60:46:30:
         74:a9:d3:45:c0:63:af:a2:51:2b:52:30:3f:12:b9:e1:39:94:
         e2:cb:6a:46
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUHRr/PJDR7WBO/0RS5tl8yr5eVxwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA1MTYwNjQ5MDhaFw0yNjA1MTUwNjU0MDhaMDMxMTAvBgNV
BAMTKEJGMzVBQjgwMEQ2RDYxMTE3Mjk3MjdCQ0Q2NzlFMzg0MkE3RDAxOUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjvEqVjEFbAyM5GvWqXSt6CptH
oyhOWmOwsfOI419Asq6DAs3djJAnJlvEirB3zxunIKfkWnWY9ZUeLyAtfm4fC3Bm
UI94qODf2FFDwMvmM0z26qBXAmsAizHkW5IsAov4qeWJGprQ0Yatvl+maw8cFlmA
bygj/NwhcJM7D0cshANXdzCTUAtv0cb10Fcsg7j0U64W6JgUvpq/FDzD3gLE2ueH
+UnlXjF7xG9i6aDZHzt2ouEzikS2VXssBwuH8IYdVt7Ui0Nt55eg1TYwwH4BN+Y4
Kai3sjx+47YEW7eRUfGcaNyk1pA0Ytg5HeCKCGOU1bo7i1CnP0ffq8DoC4lNAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUvzWrgA1tYRFylye81nnjhCp9AZ8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM0NDQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/ZbMw
DQYJKoZIhvcNAQELBQADggEBAC5GG7sgarWzCL6oyEoCFU8N+UBGf9oK40Vw0OIE
Jl/peK0+L3NpEP02QCKnkMv2y9zohhK7b5kylyEfGRQkRcsm0DL0PTVBFOlSbNqz
xY6KKwGccJ58KiBMaaTXTxoPbrrgTJ8Eq68kewJqfV/stEJklHf80ueslJWIPDSa
KN7v8qIfgt8MGBpzAPs9VwX7l/dktw3e7xbaeTiGddS3rbgJ+OpkLQgjolqbnutp
xz8SCen9QnQIPS2g7zd66JixwuRmy6EqSPTfLVeC87L6oVcIoW0sb68hMqilgpVZ
NYVQ5xUs7AiVHWBGMHSp00XAY6+iUStSMD8SueE5lOLLakY=
-----END CERTIFICATE-----